diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2010-06-12 23:30:14 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2010-06-16 17:55:55 -0400 |
| commit | 109f6e39fa07c48f580125f531f46cb7c245b528 (patch) | |
| tree | 9ec97679c227394a44ebede5768f92d970cea6eb /net/core | |
| parent | 3f551f9436c05a3b5eccdd6e94733df5bb98d2a5 (diff) | |
af_unix: Allow SO_PEERCRED to work across namespaces.
Use struct pid and struct cred to store the peer credentials on struct
sock. This gives enough information to convert the peer credential
information to a value relative to whatever namespace the socket is in
at the time.
This removes nasty surprises when using SO_PEERCRED on socket
connetions where the processes on either side are in different pid and
user namespaces.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Acked-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core')
| -rw-r--r-- | net/core/sock.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/net/core/sock.c b/net/core/sock.c index db8335ad755..0229d5566a4 100644 --- a/net/core/sock.c +++ b/net/core/sock.c | |||
| @@ -915,11 +915,15 @@ int sock_getsockopt(struct socket *sock, int level, int optname, | |||
| 915 | break; | 915 | break; |
| 916 | 916 | ||
| 917 | case SO_PEERCRED: | 917 | case SO_PEERCRED: |
| 918 | if (len > sizeof(sk->sk_peercred)) | 918 | { |
| 919 | len = sizeof(sk->sk_peercred); | 919 | struct ucred peercred; |
| 920 | if (copy_to_user(optval, &sk->sk_peercred, len)) | 920 | if (len > sizeof(peercred)) |
| 921 | len = sizeof(peercred); | ||
| 922 | cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred); | ||
| 923 | if (copy_to_user(optval, &peercred, len)) | ||
| 921 | return -EFAULT; | 924 | return -EFAULT; |
| 922 | goto lenout; | 925 | goto lenout; |
| 926 | } | ||
| 923 | 927 | ||
| 924 | case SO_PEERNAME: | 928 | case SO_PEERNAME: |
| 925 | { | 929 | { |
| @@ -1133,6 +1137,9 @@ static void __sk_free(struct sock *sk) | |||
| 1133 | printk(KERN_DEBUG "%s: optmem leakage (%d bytes) detected.\n", | 1137 | printk(KERN_DEBUG "%s: optmem leakage (%d bytes) detected.\n", |
| 1134 | __func__, atomic_read(&sk->sk_omem_alloc)); | 1138 | __func__, atomic_read(&sk->sk_omem_alloc)); |
| 1135 | 1139 | ||
| 1140 | if (sk->sk_peer_cred) | ||
| 1141 | put_cred(sk->sk_peer_cred); | ||
| 1142 | put_pid(sk->sk_peer_pid); | ||
| 1136 | put_net(sock_net(sk)); | 1143 | put_net(sock_net(sk)); |
| 1137 | sk_prot_free(sk->sk_prot_creator, sk); | 1144 | sk_prot_free(sk->sk_prot_creator, sk); |
| 1138 | } | 1145 | } |
| @@ -1968,9 +1975,8 @@ void sock_init_data(struct socket *sock, struct sock *sk) | |||
| 1968 | sk->sk_sndmsg_page = NULL; | 1975 | sk->sk_sndmsg_page = NULL; |
| 1969 | sk->sk_sndmsg_off = 0; | 1976 | sk->sk_sndmsg_off = 0; |
| 1970 | 1977 | ||
| 1971 | sk->sk_peercred.pid = 0; | 1978 | sk->sk_peer_pid = NULL; |
| 1972 | sk->sk_peercred.uid = -1; | 1979 | sk->sk_peer_cred = NULL; |
| 1973 | sk->sk_peercred.gid = -1; | ||
| 1974 | sk->sk_write_pending = 0; | 1980 | sk->sk_write_pending = 0; |
| 1975 | sk->sk_rcvlowat = 1; | 1981 | sk->sk_rcvlowat = 1; |
| 1976 | sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT; | 1982 | sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT; |